change the password at the next logon - ilm2
Dear all,

In reference to the http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/a40190d1-cf7c-48e0-a12e-76383685fe19 thread, I want to be able to set the pwdLastSet attribute to 0 each time I provision a new user in ILM2. I am using ILM2 RC0 and, as per the thread, there is still a bug that you cannot set this value from an outbound synchronization rule from the ILM portal. So I switched to using the code in an MA extension, and what I put is the following:

    case "pwdlastset":
        ConnectedMA adMa = mventry.ConnectedMAs["AD MA"];
        int numAdConnectors = adMa.Connectors.Count;
        if (numAdConnectors == 0)
            csentry["pwdLastSet"].Value = "0";
        break;

What I mean is that if the user is new, then set the pwdLastSet attribute to zero. However, it is not working, since when the attribute flow rule in the MA extension is running, the object is already in the connector space, since it is being created using the outbound sync rule, and the if statement above is not true. How can I fulfill this using ILM2?

Thanks for your help
MM
August 31st, 2009 1:03pm

If you look at the attribute flow configuration in an outbound synchronization rule, you will find an option to check off a flow as initial flow. Initial flows are the same as initializing attributes in provisioning code.

So, what you need is an outbound flow in your outbound synchronization rule - 0 -> CS.pwdLastSet - that has the initial flow flag set.

Cheers,
Markus
Markus Vilcinskas, Technical Content Developer, Microsoft Corporation
August 31st, 2009 1:38pm

Thank you Markus, the problem is that if you look at this thread http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/a40190d1-cf7c-48e0-a12e-76383685fe19 the pwdLastSet cannot be used in an outbound sync rule due to a bug in ILM2 RC0. That is why I am trying to fill it using the coding way.

Cheers,
MM
August 31st, 2009 1:43pm

Ohh - I haven't looked at the post :-)

You will have to either implement your complete provisioning code the old way, or you could try a workaround by using an operational attribute and an advanced (old-style) outbound flow that checks the presence of an operational attribute.

In case of the operational attribute, you flow the objectGUID from AD into an attribute in the MV - e.g.: adGUID. You will also need a second attribute - something like employeeID - as source to get the flow triggered. That way, you could use an IsPresent check on the adGUID attribute to determine whether you need to flow out a 0.

In pseudo code:

    If Not IsPresent MVEntry("adGuid") then
        CSentry("pwdLastSet").value = 0
    End If

That should be good enough as workaround...

Cheers,
Markus
Markus Vilcinskas, Technical Content Developer, Microsoft Corporation
August 31st, 2009 3:20pm

Marie-Ange, there is one more thing you can try.

This still requires the operational attribute I have mentioned. However, instead of using an advanced export attribute flow, it might also work if you just add

    If Not IsPresent MVEntry("adGuid") then
        CSentry("pwdLastSet").value = 0
    End If

to the connectors = 1 part of your provisioning code. If you have an empty test environment, you can test this without having the operational attribute implemented.

You can't set attributes on initialized connectors and would usually get a read-only exception. However, in your case, the connector has not been committed yet and is technically still an export phantom, which is why you should be able to initialize additional attributes.

I have no time to test this right now; however, I thought I should pass this on to you in case you are working on this right now.

Cheers,
Markus
Markus Vilcinskas, Technical Content Developer, Microsoft Corporation
September 1st, 2009 3:00pm
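
The workaround from the reply above, written out as a metaverse rules extension in C# (an added example, not code posted in the thread). It assumes rules-extension provisioning runs alongside the outbound synchronization rule, that the management agent is named "AD MA" as in the question, and that an import flow fills the operational metaverse attribute adGuid from the AD objectGUID; all of these names are assumptions.

```csharp
using Microsoft.MetadirectoryServices;

namespace Mms_Metaverse
{
    public class MVExtensionObject : IMVSynchronization
    {
        // Assumed names: the MA name comes from the question, "adGuid" is the
        // operational attribute suggested in the reply (fed by AD objectGUID).
        private const string AdMaName = "AD MA";
        private const string AdGuidAttribute = "adGuid";

        public void Initialize() { }

        public void Terminate() { }

        public void Provision(MVEntry mventry)
        {
            ConnectedMA adMa = mventry.ConnectedMAs[AdMaName];

            // 0 connectors: the outbound synchronization rule has not created
            // the AD object, so there is nothing to initialize here.
            // More than 1: ambiguous, so leave every connector untouched.
            if (adMa.Connectors.Count != 1)
                return;

            // adGuid present means objectGUID was imported back from AD, so the
            // account already exists there and must not be reset on later syncs.
            if (mventry[AdGuidAttribute].IsPresent)
                return;

            // The single connector is the one the sync rule just created and it
            // has not been exported yet; pwdLastSet = 0 makes AD require a
            // password change at the next logon.
            CSEntry csentry = adMa.Connectors.ByIndex[0];
            csentry["pwdLastSet"].Value = "0";
        }

        public bool ShouldDeleteFromMV(CSEntry csentry, MVEntry mventry)
        {
            // Object deletion rules are not part of this example.
            throw new EntryPointNotImplementedException();
        }
    }
}
```

The adGuid check only tells new accounts from existing ones once the import that carries objectGUID back into the metaverse has run, so test the order of export, import and synchronization runs in an empty environment, as the reply suggests.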

Thank you Markus, it worked.
MM
September 2nd, 2009 10:33am

This topic is archived. No further replies will be accepted.
